SMS isn’t even secure. Mitm, social engineering, straight up theft, and more are all ways around it. It should never have been implemented, but especially not when totp exists.
What I despise most in when SMS is not just optional but forced upon me as “backup” to TOTP. “Lost your authenticator app? Send an SMS instead.” How about no?
I don’t believe I’ve run into that, but yeah it completely misses the point of totp. Hell, I’d prefer a lockout over SMS backup in most cases, my totp authentication has multiple encrypted backups.
Especially because you can just backup authenticator to the pendrive in encrypted form. I don’t care I loose my phone, that’s exactly the reason authenticator is better.
My wife’s phone started acting up the other day. It would keep losing cell service and even when it showed a signal, it still would only work on wifi.
That happened a few hours after I ported my phone number (on the same family plan) to another carrier. So naturally, I thought the issue was with the carrier.
Since I planned on porting her number out to my new carrier anyway, I didn’t want to troubleshoot.
Well, get to the new carrier and it’s still not working. Go through the whole process of resetting network settings, and then eventually deleting the esim.
New carrier, though, needs you to receive a text message before they send the esim.
Naturally, with the esim deleted, it couldn’t receive text messages.
Her issue did end up being her phone. Even after the port went through in full, it was still hit-or-miss with cell service. Worked on wifi though.
While I would like the new fancy features. At least RCS is bringing some and is seamlessly integrated.
Bonus I have 10+ years of txt history and can scroll/search to find something. And since my phone is Google (I know evil) I can access it all from the desktop seamlessly in one window.
uhhh that’s not some unique american thing lol, that’s how people here in sweden communicate too
Barely anyone cares what specific protocol is being used, they just care about what app they have to use and who they can reach, and if anyone isn’t using a normal sms app they’re generally using facebook messenger or imessages both of which support sms fallback and thus their users don’t even know there’s a difference half the time.
Can you for example send a video, encrypted and to your computer via SMS? I don’t know how much tech they’ve built over the protocol over in the US, but in many parts of the world SMS was charged per message in your phone bill and things like photos or video cost more to send. People abandoned SMS quickly when 3rd party IP messaging apps like whatsapp came out.
Yeah data got unlimited here before texts, which caused people to move on to other things. Now texts are usually unlimited, but that train has already sailed.
Blame apple for that. IPhone has this proprietary messaging app pre-installed which is probably super convinient for the ecosystem but uses some obsolete SMS protocol to communicate with android phones.
I think recently this has gotten better, but only because beeper and the EU pressing on them
SMS is good enough. Sure it’s not as authenticator or some other MFA method, but it’s good enough. Chances of my random account hiding something worth subverting cell operator to get the SMS and my password, are slim to none. At that point don’t upload anything worth that much.
SMS: Here is your 30s “MFA” code, I’ll send it to you 40 minutes after you need it.
SMS isn’t 2FA. Its 1.5FA.
SMS isn’t even secure. Mitm, social engineering, straight up theft, and more are all ways around it. It should never have been implemented, but especially not when totp exists.
What I despise most in when SMS is not just optional but forced upon me as “backup” to TOTP. “Lost your authenticator app? Send an SMS instead.” How about no?
I don’t believe I’ve run into that, but yeah it completely misses the point of totp. Hell, I’d prefer a lockout over SMS backup in most cases, my totp authentication has multiple encrypted backups.
Especially because you can just backup authenticator to the pendrive in encrypted form. I don’t care I loose my phone, that’s exactly the reason authenticator is better.
Dude.
My wife’s phone started acting up the other day. It would keep losing cell service and even when it showed a signal, it still would only work on wifi.
That happened a few hours after I ported my phone number (on the same family plan) to another carrier. So naturally, I thought the issue was with the carrier.
Since I planned on porting her number out to my new carrier anyway, I didn’t want to troubleshoot.
Well, get to the new carrier and it’s still not working. Go through the whole process of resetting network settings, and then eventually deleting the esim.
New carrier, though, needs you to receive a text message before they send the esim.
Naturally, with the esim deleted, it couldn’t receive text messages.
Her issue did end up being her phone. Even after the port went through in full, it was still hit-or-miss with cell service. Worked on wifi though.
I’ve heard people in the US still use SMS to communicate with eachother. Fucking crazy.
Inertia and ease of use are powerful.
SMS “just works” and works for everyone here.
While I would like the new fancy features. At least RCS is bringing some and is seamlessly integrated.
Bonus I have 10+ years of txt history and can scroll/search to find something. And since my phone is Google (I know evil) I can access it all from the desktop seamlessly in one window.
Sms just works everywhere though
Only when iPhone users need to send a message to literally anyone else.
uhhh that’s not some unique american thing lol, that’s how people here in sweden communicate too
Barely anyone cares what specific protocol is being used, they just care about what app they have to use and who they can reach, and if anyone isn’t using a normal sms app they’re generally using facebook messenger or imessages both of which support sms fallback and thus their users don’t even know there’s a difference half the time.
why not
Can you for example send a video, encrypted and to your computer via SMS? I don’t know how much tech they’ve built over the protocol over in the US, but in many parts of the world SMS was charged per message in your phone bill and things like photos or video cost more to send. People abandoned SMS quickly when 3rd party IP messaging apps like whatsapp came out.
I wouldn’t count on your encrypted WhatsApp video actually being secure.
Use signal for that.
i think most people have unlimited texting and data in america, the greatest country.
Yeah data got unlimited here before texts, which caused people to move on to other things. Now texts are usually unlimited, but that train has already sailed.
Blame apple for that. IPhone has this proprietary messaging app pre-installed which is probably super convinient for the ecosystem but uses some obsolete SMS protocol to communicate with android phones. I think recently this has gotten better, but only because beeper and the EU pressing on them
SMS is good enough. Sure it’s not as authenticator or some other MFA method, but it’s good enough. Chances of my random account hiding something worth subverting cell operator to get the SMS and my password, are slim to none. At that point don’t upload anything worth that much.
Buy a real phone service. I don’t ever remember missing a code.
It’s overwhelmingly whatever provider they use for SMS, or some sort of anti spam checking.
My phone has reception the whole time.